In October 2016, the Federal Communications Commission approved new privacy rules that require broadband service providers to get permission from consumers before gathering and sharing information about them. The rules are worrying to broadband providers and advertisers who rely on that information to provide targeted offers to mobile consumers, but they may also be an opportunity to build better, more profitable relationships with consumers.

No opting out of consumer privacy

Until now, broadband providers like AT&T, Verizon and Comcast were permitted to gather information on consumers unless a consumer explicitly opted out. These companies routinely track and store information on consumers’ web browsing habits, the apps they use, and where they go (geo-location), as well as financial information. Most consumers aren’t even aware how their information is being shared, so opting out is relatively rare.

Under the new rules, broadband operators are required to get explicit opt-in consent from consumers before using or sharing sensitive information, including precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of their communications. (Non-sensitive information such as addresses can still be shared unless the consumer explicitly opts out, and de-identified data can be shared.) Providers have to tell consumers what information they are collecting, how it may be used, and how to control their privacy preferences.

Broadband providers are also required to engage in “reasonable data security practices “and are encouraged to meet “common-sense data breach notification requirements.” Affected customers have to be notified no more than 30 days after determination of a breach, the FCC has to be notified within 30 days of a breach affecting fewer than 5,000 customers, and the FCC, FBI, and Secret Service have to be notified within seven business days of a breach affecting 5,000 or more.

Brace for impact

Broadband providers are understandably concerned about the business impact of these new rules. Targeted advertising is an important source of revenue for them, and the potential impact of consumers opting out is so great that The New York Times speculated it could affect AT&T’s $85.4 billion bid for Time Warner. Cable lobbying groups and groups like the Association of National Advertisers are also protesting.

There has already been lobbying against the new rules under the next administration — Angelique Carson, CIPP/US, writes about the potential rollback in  this month's Privacy Advisor — but, for now, broadband providers must prepare to comply with the privacy requirements. They need to provide privacy policies and opt-in forms when consumers sign up for broadband service, they need to make the policy available through their websites and mobile apps, and they need to notify consumers of any policy changes. They also need to review their incident response plans and make sure they are prepared to comply with the new breach notification rules.

Privacy is a business opportunity

The new privacy rules will go effect in late 2018, and their full impact won’t be known until then. However, broadband providers and advertisers may benefit by looking at this as an opportunity to strengthen relationships with consumers.

For years, advertising revenue has offset the costs of broadband service, and consumers benefit from those lower costs. However, under the new rules, the FCC will be on the lookout for “pay for privacy” offerings, where consumers are asked a higher price for a plan that guarantees their personal information won’t be shared, or “take it or leave it” offerings where consumers have to agree to sharing in order to sign up. The alternative is to make opting in attractive to consumers by partnering with advertisers and service companies that offer them real value.

The success of online advertising groups like Groupon and LivingSocial show that consumers are happy to opt in to well-targeted advertising that offers them deals on things they really want. And location-based services are a big part of the consumer value of mobile broadband. For the most part, consumers will want to opt in to having their data shared, especially if broadband operators could give them some control over how it is shared and with whom. Mobile users can already choose whether location information is shared with specific apps. Perhaps a menu of sharing choices could be offered as a service. Broadband operators could even offer privacy controls as a competitive advantage. The benefit to advertisers is that they would get better-qualified leads.

Advertising abides

Sometimes the digital economy seems like an endless struggle between consumer privacy and advertisers. Just look at telephone advertising. The FTC created the Do Not Call registry, and marketing companies began to call with “public service announcements” to get around the rules. Consumers got caller ID to screen calls, marketing started using technology to spoof phone numbers, and consumers started buying programmable call blockers. Online, consumers are getting more sophisticated at using pop-up blockers and privacy settings to screen unwanted advertising. Advertising always finds a way in, but if the annoyance is great enough, consumers will always find a new way to block it.

In response to the new FCC rules, Austin Schlick, Google’s director of communications law, said that “Consumers benefit from responsible online advertising, individualized content, and product improvements based on browsing information.” If broadband operators and mobile advertisers can make those benefits clear to consumers and give them choices on the advertising they receive, then they should opt in, and better consumer privacy will ultimately benefit everyone.